go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/grpc/prpc/doc.go (about) 1 // Copyright 2016 The LUCI Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package prpc (provisional RPC) implements an RPC client over HTTP 1.x. 16 // 17 // Like gRPC: 18 // - services are defined in .proto files 19 // - service implementation does not depend on pRPC. 20 // 21 // Unlike gRPC: 22 // - supports HTTP 1.x and AppEngine 1.x. 23 // - does not support streams. 24 // 25 // # Compile service definitions 26 // 27 // Use cproto tool to compile .proto files to .go files with gRPC and pRPC support. 28 // It runs protoc and does some additional postprocessing. 29 // 30 // //go:generate cproto 31 // 32 // Install cproto: 33 // 34 // go install go.chromium.org/luci/grpc/cmd/cproto 35 // 36 // # Protocol 37 // 38 // ## v1.4 39 // 40 // v1.4 hides some leaking HTTP v1 transport implementation details from gRPC 41 // services and clients by stopping exposing values of the following headers in 42 // metadata.MD: "Accept", "Accept-Encoding", "Content-Encoding", 43 // "Content-Length", "Content-Type", "X-Content-Type-Options", all "X-Prpc-*" 44 // headers. 45 // 46 // Note that "X-Prpc-Grpc-Timeout", "X-Prpc-Status-Details-Bin", "Content-Type" 47 // and "Accept" headers were already hidden in the previous version of 48 // the protocol. 49 // 50 // Also note that such commonly present headers as "Host" and "User-Agent" are 51 // still exposed as metadata, since they are already used in the wild and 52 // the protocol does not depend on them significantly. 53 // 54 // ## v1.3 55 // 56 // v1.3 adds request/response body compression support using GZIP (RFC-1952). 57 // 58 // - A request MAY have a header "Content-Encoding: gzip". 59 // If it is present, then the server MUST decompress the request body before 60 // unmarshaling the request message. 61 // - A request MAY have a header "Accept-Encoding: gzip". 62 // If the header is present, then the server response body MAY be compressed; 63 // and the server SHOULD decide based on the response message size. 64 // If the response body is compressed, then the response MUST include a 65 // header "Content-Encoding: gzip". 66 // 67 // See also https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding 68 // and https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding 69 // 70 // ## v1.2 71 // 72 // v1.2 is small, backward-compatible amendment to v1.1 that adds support for 73 // error details. 74 // 75 // Response header "X-Prpc-Status-Details-Bin" contains elements of 76 // google.rpc.Status.details field, one value per element, in the same order. 77 // The header value is a standard base64 string with padding of the encoded 78 // google.protobuf.Any, where the message encoding is the same as the response 79 // message encoding, i.e. depends on Accept request header. 80 // 81 // ## v1.1 82 // 83 // v1.1 is small, backward-compatible amendment to v1.0 to address a 84 // security issue. Since it is backward compatible, it does not introduce 85 // a formal protocol version header at this time. 86 // 87 // Changes: 88 // - Requests/responses must use "application/json" media type instead of 89 // "application/prpc; encoding=json". 90 // - Responses must include "X-Content-Type-Options: nosniff" HTTP header. 91 // 92 // This enables CORB protection (which mitigates spectre) and disables content 93 // sniffing. 94 // For CORB, see https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md. 95 // 96 // ## v1.0 97 // 98 // This section describes the pRPC protocol. It is based on HTTP 1.x and employs 99 // gRPC codes. 100 // 101 // A pRPC server MUST handle HTTP POST requests at `/prpc/{service}/{method}` 102 // where service is a full service name including full package name. 103 // The handler must decode an input message from an HTTP request, 104 // call the service method implementation and 105 // encode the returned output message or error to the HTTP response. 106 // 107 // pRPC protocol defines three protocol buffer encodings and media types. 108 // - Binary: "application/prpc; encoding=binary" (default). 109 // - JSON: "application/prpc; encoding=json" or "application/json" 110 // A response body MUST have `)]}'\n` prefix to prevent XSSI. 111 // - Text: "application/prpc; encoding=text" 112 // 113 // A pRPC server MUST support Binary and SHOULD support JSON and Text. 114 // 115 // Request headers: 116 // - "X-Prpc-Grpc-Timeout": specifies request timeout. 117 // A client MAY specify it. 118 // If a service hits the timeout, a server MUST respond with HTTP 503 and 119 // DeadlineExceed gRPC code. 120 // Value format: `\d+[HMSmun]` (regular expression), where 121 // - H - hour 122 // - M - minute 123 // - S - second 124 // - m - millisecond 125 // - u - microsecond 126 // - n - nanosecond 127 // - "Content-Type": specifies input message encoding in the body. 128 // A client SHOULD specify it. 129 // If not present, a server MUST treat the input message as Binary. 130 // - "Accept": specifies the output message encoding for the response. 131 // A client MAY specify it, a server MUST support it. 132 // - Any other headers MUST be added to metadata.MD in the context that is 133 // passed to the service method implementation (note this behavior was 134 // amended in v1.4). 135 // - If a header name has "-Bin" suffix, the server must treat it as 136 // standard-base64-encoded with padding and put the decoded binary blob into 137 // the metadata under the original key (i.e. the one ending with "-bin"). 138 // 139 // Response headers: 140 // - "X-Prpc-Grpc-Code": specifies the gRPC code. 141 // A server MUST specify it in all cases. 142 // - If it is present, the client MUST ignore the HTTP status code. 143 // - If OK, the client MUST return the output message 144 // decoded from the body. 145 // - Otherwise, the client MUST return a gRPC error with the 146 // code and message read from the response body. 147 // - If not present, the client MUST return a non-gRPC error 148 // with message read from the response body. 149 // A client MAY read a portion of the response body. 150 // - "Content-Type": specifies the output message encoding. 151 // A server SHOULD specify it. 152 // If not specified, a client MUST treat it is as Binary. 153 // - Any metadata returned by a service method implementation MUST go into 154 // http headers, unless metadata key starts with "X-Prpc-". 155 // 156 // A server MUST always specify "X-Prpc-Grpc-Code". 157 // The server SHOULD specify HTTP status corresponding to the gRPC code. 158 // 159 // If the "X-Prpc-Grpc-Code" response header value is not 0, the response body 160 // MUST contain a description of the error. 161 // 162 // If a service/method is not found, the server MUST respond with Unimplemented 163 // gRPC code and SHOULD specify HTTP 501 status. 164 package prpc